Hi Kevin, > I found that the hash function is causing collisions in the generated > database such that some CVEs are being overwritten because of the UNIQUE > constraint on the HASH column. For example, CVE-2018-1000873 has the same > hash of 623198722 as CVE-2018-18338. This results in one of the two CVEs not > appearing in the database.
This is problematic. I kept using djb2 hash function, because it was the one used in the previous cve-check-tool and it was fast. But it might not be the right hash function to use. Do you have a better hash function in mind ? I can also drop hash function, remove everything from the database and recreate all entries at each update but it will increase database update time. I don't have the same hash as you for CVE-2018-1000873 and CVE-2018-18338, do you use my latest patches from master ? I did several changes recently. Pierre Le Magourou -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core